Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2023-09-21 22:13:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
 and      /work/SRC/openSUSE:Factory/.ghostscript.new.1770 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghostscript" Thu Sep 21 22:13:31 2023 rev:61 rq:1112467 version:9.56.1 Changes: -------- --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-07-27 16:50:19.369649622 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.1770/ghostscript.changes 2023-09-21 22:14:05.945378183 +0200 @@ -1,0 +2,10 @@ +Wed Sep 20 06:23:44 UTC 2023 - Johannes Meixner <[email protected]> + +- CVE-2023-43115.patch is + https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5 + that fixes CVE-2023-43115 "remote code execution + via crafted PostScript documents in gdevijs.c" + see https://bugs.ghostscript.com/show_bug.cgi?id=707051 + (bsc#1215466) + +------------------------------------------------------------------- New: ---- CVE-2023-43115.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghostscript.spec ++++++ --- /var/tmp/diff_new_pack.hThBJS/_old 2023-09-21 22:14:07.761444094 +0200 +++ /var/tmp/diff_new_pack.hThBJS/_new 2023-09-21 22:14:07.761444094 +0200 @@ -76,6 +76,14 @@ # as the already fixed CVE-2020-16305 in devices/gdevpcx.c # see https://bugs.ghostscript.com/show_bug.cgi?id=701819 Patch104: CVE-2023-38559.patch +# Patch105 CVE-2023-43115.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5 +# that fixes CVE-2023-43115 +# "remote code execution via crafted PostScript documents in gdevijs.c" +# see https://bugs.ghostscript.com/show_bug.cgi?id=707051 +# and https://bugzilla.suse.com/show_bug.cgi?id=1215466 +Patch105: CVE-2023-43115.patch +# Build Requirements: BuildRequires: freetype2-devel BuildRequires: libjpeg-devel BuildRequires: liblcms2-devel 
@@ -303,6 +311,13 @@ # as the already fixed CVE-2020-16305 in devices/gdevpcx.c # see https://bugs.ghostscript.com/show_bug.cgi?id=701819 %patch104 +# Patch105 CVE-2023-43115.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5 +# that fixes CVE-2023-43115 +# "remote code execution via crafted PostScript documents in gdevijs.c" +# see https://bugs.ghostscript.com/show_bug.cgi?id=707051 +# and https://bugzilla.suse.com/show_bug.cgi?id=1215466 +%patch105 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++++++ CVE-2023-43115.patch ++++++ --- devices/gdevijs.c.orig 2022-04-04 15:48:49.000000000 +0200 +++ devices/gdevijs.c 2023-09-20 08:18:09.178777690 +0200 @@ -888,6 +888,8 @@ gsijs_initialize_device(gx_device *dev) static const char rgb[] = "DeviceRGB"; gx_device_ijs *ijsdev = (gx_device_ijs *)dev; + if (ijsdev->memory->gs_lib_ctx->core->path_control_active) + return_error(gs_error_invalidaccess); if (!ijsdev->ColorSpace) { ijsdev->ColorSpace = gs_malloc(ijsdev->memory, sizeof(rgb), 1, "gsijs_initialize"); @@ -1326,7 +1328,7 @@ gsijs_put_params(gx_device *dev, gs_para if (code >= 0) code = gsijs_read_string(plist, "IjsServer", ijsdev->IjsServer, sizeof(ijsdev->IjsServer), - dev->LockSafetyParams, is_open); + ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open); if (code >= 0) code = gsijs_read_string_malloc(plist, "DeviceManufacturer",
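Review bot: the `path_control_active` check added to gsijs_initialize_device in the first gdevijs.c hunk is well placed, after the local declarations and before the `ColorSpace` allocation, so the early `return_error(gs_error_invalidaccess)` leaks nothing; it does dereference `ijsdev->memory->gs_lib_ctx->core` unconditionally, which is consistent with the second hunk but deserves a one-line comment saying why the whole IJS device is refused when path control is active, since the only rationale on record is the bug reference in the spec comment.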
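Review bot: in the gsijs_put_params hunk the lock argument for the "IjsServer" read changes from `dev->LockSafetyParams` to `ijsdev->memory->gs_lib_ctx->core->path_control_active`, while the neighbouring string parameters (for example "DeviceManufacturer" in the trailing context) still use their previous arguments; a comment stating that only IjsServer is deliberately tied to path control would prevent a later "consistency" cleanup from undoing the fix, and it is worth noting that this hunk still matters even with the first one in place because gsijs_put_params is also reached for an already-open device (the `is_open` flag passed alongside).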
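Review bot: CVE-2023-43115.patch carries only a bare file diff (`devices/gdevijs.c.orig` against `devices/gdevijs.c`) with no upstream commit message or author line, so the link to upstream commit e59216049cac290fb437a04c4f41ea46826cfba5 and to bugs 707051 and bsc#1215466 exists only in the spec comments and the .changes entry; adding a short header to the patch file itself (upstream commit id, bug ids, and that it was rebased onto 9.56.1) would keep that provenance with the patch if it is ever copied to another package.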
